EPA-164: Cleanup

README.md

@@ -155,11 +155,6 @@ Use environment variables to configure the relying party server.
 | `EHEALTHID_RP_LOG_LEVEL`                     | The log level.                                                                                                                                                             | `INFO`                                                            |
 | `EHEALTHID_RP_OPENID_PROVIDER_SIG_JWKS_PATH` | Path to a JWKS with signing keys for our openIdProvider, for example the id_token issued by the relying party will be signed with it. Will be generated if not configured. | `./openid_provider_sig_jwks.json`                                 |
 
-public static final String CONFIG_FEDERATION_SIG_JWKS_PATH = "federation_sig_jwks_path";
-public static final String CONFIG_OPENID_RP_SIG_JWKS_PATH = "openid_rp_sig_jwks_path";
-public static final String CONFIG_OPENID_RP_ENC_JWKS_PATH = "openid_rp_enc_jwks_path";
-public static final String CONFIG_OPENID_PROVIDER_SIG_JWKS_PATH = "openid_provider_sig_jwks_path";
-
 # Generate Keys & Register for Federation
 
 In order to participate in the GesundheitsID one needs to register the entity statement of the IDP

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/ConfigReader.java

@@ -1,13 +1,10 @@
 package com.oviva.ehealthid.relyingparty;
 
-import com.nimbusds.jose.jwk.JWKSet;
 import com.oviva.ehealthid.relyingparty.cfg.ConfigProvider;
 import com.oviva.ehealthid.relyingparty.cfg.RelyingPartyConfig;
 import com.oviva.ehealthid.relyingparty.fed.FederationConfig;
 import com.oviva.ehealthid.relyingparty.util.Strings;
-import com.oviva.ehealthid.util.JwksUtils;
 import java.net.URI;
-import java.nio.file.Path;
 import java.time.Duration;
 import java.util.List;
 import java.util.Optional;
@@ -42,8 +39,6 @@ public ConfigReader(ConfigProvider configProvider) {
 
   public Config read() {
 
-    var federationEntityStatementJwks = loadJwks(CONFIG_FEDERATION_ENTITY_STATEMENT_JWKS_PATH);
-
     var baseUri =
         configProvider
             .get(CONFIG_BASE_URI)
@@ -149,20 +144,6 @@ private int getPortConfig(String configPort, int defaultValue) {
         .orElse(defaultValue);
   }
 
-  private JWKSet loadJwks(String configName) {
-
-    var path =
-        configProvider
-            .get(configName)
-            .map(Path::of)
-            .orElseThrow(
-                () ->
-                    new IllegalArgumentException(
-                        "missing jwks path for '%s'".formatted(configName)));
-
-    return JwksUtils.load(path);
-  }
-
   public record Config(
       RelyingPartyConfig relyingParty,
       FederationConfig federation,

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/Main.java

@@ -2,7 +2,6 @@
 
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
-import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.jwk.*;
 import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
 import com.oviva.ehealthid.auth.AuthenticationFlow;
@@ -45,8 +44,6 @@
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.net.http.HttpClient;
-import java.security.KeyPair;
-import java.security.interfaces.ECPublicKey;
 import java.time.Clock;
 import java.time.Duration;
 import java.util.ArrayList;
@@ -203,18 +200,6 @@ private void bootManagementServer(
     managementServer.start();
   }
 
-  private ECKey toEcKey(KeyPair kp) {
-    try {
-      return new ECKey.Builder(Curve.P_256, (ECPublicKey) kp.getPublic())
-          .keyIDFromThumbprint()
-          .privateKey(kp.getPrivate())
-          .keyUse(KeyUse.SIGNATURE)
-          .build();
-    } catch (JOSEException e) {
-      throw new IllegalStateException("cannot create EC JWK from keypair", e);
-    }
-  }
-
   private com.oviva.ehealthid.fedclient.api.HttpClient instrumentHttpClient(
       com.oviva.ehealthid.fedclient.api.HttpClient client) {
     if (logger.isDebugEnabled()) {

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/fed/FederationConfig.java

@@ -1,6 +1,5 @@
 package com.oviva.ehealthid.relyingparty.fed;
 
-import com.nimbusds.jose.jwk.ECKey;
 import java.net.URI;
 import java.time.Duration;
 import java.util.List;
@@ -32,8 +31,6 @@ public static final class Builder {
     private List<String> redirectUris;
     private List<String> scopes;
     private String appName;
-    private ECKey relyingPartySigningKey;
-    private ECKey relyingPartyEncryptionKey;
 
     private Builder() {}
 

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/providers/BasicKeystoreProvider.java

@@ -137,6 +137,8 @@ private static Function<URI, ECKey> cachedSigningKeyProvider(ECKey openIdRelying
             });
   }
 
+  private BasicKeystoreProvider() {}
+
   static class StaticKeyStores implements KeyStores {
 
     private final Function<URI, ECKey> rpSigKeysProvider;

ehealthid-rp/src/test/java/com/oviva/ehealthid/relyingparty/testenv/EnvironmentTest.java

@@ -48,7 +48,7 @@ void test_envFile(@TempDir Path tempDir) throws IOException {
   }
 
   @Test
-  void test_envFile_notFound(@TempDir Path tempDir) throws IOException {
+  void test_envFile_notFound(@TempDir Path tempDir) {
 
     var f = tempDir.resolve("does_not_exist");
 

ehealthid-rp/src/test/java/com/oviva/ehealthid/relyingparty/testenv/GematikHeaderDecoratorHttpClientTest.java

@@ -26,8 +26,10 @@ void noDecoration() {
     var uri = URI.create("https://example.com");
     var req = new HttpClient.Request(uri, "GET", List.of(), null);
 
-    var res = client.call(req);
+    // when
+    client.call(req);
 
+    // then
     var captor = ArgumentCaptor.forClass(HttpClient.Request.class);
     verify(httpClient).call(captor.capture());
 
@@ -52,7 +54,7 @@ void worksIfHeaderMissing() {
     var req = new HttpClient.Request(uri, "GET", List.of(), null);
 
     // when
-    var res = client.call(req);
+    client.call(req);
 
     // then
     var captor = ArgumentCaptor.forClass(HttpClient.Request.class);